<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php include('menu.php'); ?>
<script language="javascript">

function open_popup(){
	
	if(document.formedit.firstname.value == "")
	{
		alert('กรุณากรอกชื่อ');
		document.formedit.firstname.focus();
		return false;
	}
	
	if(document.formedit.lastname.value == "")
	{
		alert('กรุณากรอกนามสกุล');
		document.formedit.lastname.focus();
		return false;
	}
	
	if(document.formedit.username.value == "")
	{
		alert('กรุณากรอกชื่อผู้ใช้งานระบบ');
		document.formedit.username.focus();
		return false;
	}
	
	if(document.formedit.phone.value == "")
	{
		alert('กรุณากรอกเบอร์โทรศัพท์');
		document.formedit.phone.focus();
		return false;
	}

	if(document.formedit.password.value != document.formedit.password2.value)
	{
		alert('กรุณากรอกรหัสผ่านให้ตรงกัน');
		document.formedit.password.focus();
		return false;
	}
	
	document.formedit.submit();
}
</script>
</head>
<body>
<?php
include("../connect/connect.php");

//แก้ไข
if($_GET["action"]=="update") {

	if($_POST['firstname'] != "" AND $_POST['lastname'] != "" AND $_POST['username'] != "" AND $_POST['phone'])
		{
		if($_POST['password']!="" && $_POST['password2'] !="") {
			$Query = "UPDATE user SET user_password = '".$_POST["password"]."',user_name = '".$_POST["firstname"]."',user_surname = '".$_POST["lastname"]."',user_tel = '".$_POST["phone"]."' WHERE user_id = '".$_POST["user_id"]."'";
			$objQuery = mysql_query($Query);
			
			echo "<script type=\"text/javascript\"> window.location=\"employee_manage.php\"</script>";
			exit();
			} else {
			$Query = "UPDATE user SET user_name = '".$_POST["firstname"]."',user_surname = '".$_POST["lastname"]."',user_tel = '".$_POST["phone"]."' WHERE user_id = '".$_POST["user_id"]."'";
			$objQuery = mysql_query($Query);
			
			echo "<script type=\"text/javascript\"> window.location=\"employee_manage.php\"</script>";
			exit();
			}
		}
}

$Query = "SELECT * FROM user WHERE user_id = '".$_GET["id"]."'";
$objQuery = mysql_query($Query) or die ("Error Query [".$Query."]");
$row = mysql_fetch_array($objQuery);
?>
<form action="?action=update" name="formedit" method="post" id="formedit">
<div class="box">
  <div class="left"></div>
  <div class="right"></div>
    <div class="heading">
      <h1>แก้ไขข้อมูลพนักงาน</h1>
      <div class="buttons"><a onclick="open_popup();" class="button"><span>บันทึก</span></a><a onclick="location = 'product_manage.php';" class="button"><span>ยกเลิก</span></a></div></div>
  <div class="content">
    <table class="form">
      <tr>
        <td>ชื่อ : </td>
        <td><input name="firstname" type="text" id="firstname" value="<?php echo $row["user_name"];?>" maxlength="100" />
		<input type="hidden" name="user_id" id="user_id" value="<?php echo $row["user_id"];?>"  /></td>
      </tr>
      <tr>
        <td>นามสกุล : </td>
        <td><input name="lastname" type="text" id="lastname" value="<?php echo $row["user_surname"];?>" maxlength="100" /></td>
      </tr>
      <tr>
        <td>ชื่อผู้ใช้งานระบบ : </td>
        <td><input name="username" type="text" readonly="readonly" id="username" value="<?php echo $row["user_username"];?>" maxlength="32" />
        *ไม่สามารถแก้ไขได้</td>
      </tr>
      <tr>
        <td>รหัสผ่านใหม่ : </td>
        <td><input name="password" type="password" id="password" maxlength="32" /> 
          *กรอกเมื่อต้องการเปลี่ยนรหัสผ่าน</td>
      </tr>
      <tr>
        <td>ยืนยันรหัสผ่านใหม่ : </td>
        <td><input name="password2" type="password" id="password2" maxlength="32" />
          *กรอกเมื่อต้องการเปลี่ยนรหัสผ่าน</td>
      </tr>
      <tr>
        <td>เบอร์โทรศัพท์ : </td>
        <td><input name="phone" type="text" id="phone" value="<?php echo $row["user_tel"];?>" maxlength="10" /></td>
      </tr>
    </table>
  </div>
</div>
</form>
</body>
<?php  mysql_close(); ?>
</html>
